bpo-43466: Use pkg-config with --static in the PY_UNSUPPORTED_OPENSSL_BUILD path in setup.py #25475
Conversation
…_BUILD path in setup.py
| @@ -2447,8 +2447,13 @@ def split_var(name, sep): | |||
| # features like DSO engines or external OSSL providers don't work. | |||
| # Only tested on GCC and clang on X86_64. | |||
| if os.environ.get("PY_UNSUPPORTED_OPENSSL_BUILD") == "static": | |||
| import subprocess, shutil | |||
| pkgconfig = os.getenv("PKG_CONFIG", shutil.which("pkg-config")) | |||
There was a problem hiding this comment.
This will give incorrect results on systems without pkg-config. ax_check_openssl.m4 works around missing pkg-config.
There was a problem hiding this comment.
That's fine, we don't support all platforms for this hack. We can fall back to the previous behaviour if there is no pkg-config
| import subprocess, shutil | ||
| pkgconfig = os.getenv("PKG_CONFIG", shutil.which("pkg-config")) | ||
| libs_out = subprocess.check_output( | ||
| [pkgconfig, "--static", "--libs-only-l", "openssl"]).decode() |
There was a problem hiding this comment.
You are not taking --with-openssl= configure option into account. It will only look up openssl.pc in standard pkg-config paths.
There was a problem hiding this comment.
Where is that logic in the configure script? I can try to adapt it
There was a problem hiding this comment.
It's in an external autoconf-archive script called ax_check_openssl.m4, https://www.gnu.org/software/autoconf-archive/ax_check_openssl.html . You cannot modify it.
Because the libraries they you need to link against to link OpenSSL statically is different than the ones you need to link against dynamically. In particular, in the second case you pick many dependencies transitively but in the first case you don't. The error you get in this platforms is a linker error for a missing dependency on libz. pkg-config --static --libs-only-l gives you the complete set of libraries you need to link against to link a library statically while pkg-config --libs-only-l just gives your the first level of the dependency tree. |
That sounds like old OpenSSL with TLS compression support. Meh! I would be totally fine to just hard-code the extra shared library: |
Ok, let's do that. I honestly dislike having to deal with pkg-config directly. |
me, too! Does the hack solve the problem for you? |
Confirmed, this patch works in all systems I checked: diff --git a/setup.py b/setup.py
index 253053da7f..d3da969807 100644
--- a/setup.py
+++ b/setup.py
@@ -2453,11 +2453,11 @@ def split_var(name, sep):
# Only tested on GCC and clang on X86_64.
if os.environ.get("PY_UNSUPPORTED_OPENSSL_BUILD") == "static":
extra_linker_args = []
- for lib in openssl_extension_kwargs["libraries"]:
+ for lib in openssl_extension_kwargs["libraries"] + ["z"]: |
|
I will update the PR soon |
|
Does it also work when you link to libz dynamically? libz.a may not be available. |
|
@pablogsal ping? |
Sorry for the late response, I have been swamped trying to update the buildbot server. I think we can dynamically link against libz as there is no risk with those symbols. Would that work for you? |
|
+1 I have opened #25587 to address the issue and reduce your work load. |
I tested in a bunch of old distributions (including RHEL6) and we need to run
pkg-configwith "--static" to obtain the actual expanded list of static libs.https://bugs.python.org/issue43466